Legal review pending. This document is a structural draft prepared by TETRA Agency. Final wording will be reviewed by Saudi legal counsel before commercial use. Last updated: April 2026.
TETRA ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our website and engage our services.
This policy is aligned with the Saudi Personal Data Protection Law (PDPL) and the General Data Protection Regulation (GDPR) where applicable.
Identity data: name, job title, company, and any other information you provide through our contact forms or engagement documents.
Contact data: email address, phone number, WhatsApp number, and business address.
Technical data: IP address, browser type and version, device identifiers, time-zone setting, operating system, and referrer URL.
Usage data: pages visited, features used, and interaction patterns — collected via privacy-respecting analytics with PII masking enabled where available.
To respond to your enquiry, schedule discovery calls, and deliver the services you have engaged us for.
To improve our site, services, and internal delivery quality.
To comply with legal, regulatory, and contractual obligations under Saudi and applicable international law.
We do not sell your personal data, and we do not share it with third parties for advertising purposes.
We rely on a tightly scoped set of vetted processors to run the site and respond to enquiries: Vercel (hosting and edge network), Cloudflare (Turnstile bot protection and DNS), Resend (transactional email), Upstash (rate-limit counters), PostHog (product analytics), Microsoft Clarity (session replay with PII masking), and Sentry (error monitoring with PII scrubbing).
Each processor has its own privacy policy and is bound by data-protection obligations consistent with our own.
Under PDPL and GDPR you have the right to access, correct, delete, export, or restrict processing of your personal data. You may also withdraw consent at any time where we rely on consent as the legal basis.
To exercise any of these rights, email info@tetra-agency.com with the subject line 'Data Request'. We respond within 30 days.
We retain personal data only as long as necessary for the purposes it was collected, to comply with legal obligations, resolve disputes, and enforce agreements.
Contact enquiries are retained for 24 months from the last interaction unless a contractual relationship is formed. Engagement records follow the retention schedule specified in the signed agreement.
Some of our processors operate outside the Kingdom of Saudi Arabia. Where personal data is transferred internationally, we rely on the transfer mechanisms permitted by PDPL and, where relevant, GDPR, including standard contractual clauses and supplementary safeguards.
We apply industry-standard technical and organisational measures: encryption in transit (TLS 1.3), encryption at rest where supported by the processor, least-privilege access, secret scanning in CI, and regular security review.
No transmission over the internet is fully secure. We cannot guarantee absolute security but we do commit to modern best practices and timely disclosure of material incidents.
Questions about this policy? Get in touch.